CONFIDENTIALITY POLICY ON THE PROCESSING OF PERSONAL DATA
VESTALI guarantees the right to the protection of personal data and undertakes to process your data in full compliance with Regulation (EU) 2016/679 (“General Data Protection Regulation” or “GDPR”), as well as any other applicable legislation in Romania and the EU.
We reserve the right to periodically update and amend this Privacy Policy, to reflect any changes in the way we treat users’ personal data or any changes to legal requirements. In the event of such changes, we will post the amended version of the Privacy Policy on our website, which is why you should periodically check the content of this Privacy Policy.
Who we are and how you can contact us:
VESTALI (www.vestali.eu) is the commercial name of Eros Style SRL, with registered office in Romania, Constanta, 900598, Ion Lahovari, 170, with order number in the Business Register J13 / 2021/2007, unique tax code 21948615.
If you need further information on the processing of your data, please contact our team at info@vestali.eu.
Personal data processed
In general, we collect your personal data directly from you, so that you have control over the type of information you provide to us, as follows:
When you create an account on vestali.eu, you send us: e-mail address, name and surname;
Within your personal page (My account) from the www.vestali.eu platform you can add further information, such as: mobile number, delivery addresses;
When placing an order, please provide information such as: the desired product, name and surname, delivery address, billing information, payment method, telephone number, etc.
Through the page www.vestali.eu, the user sends us: name, e-mail address and / or telephone number, city of residence, date of birth, favorite color and size worn.
Subscription to the newsletter involves the collection of your e-mail address.
We may also collect and process some information about your behavior while visiting our website, to personalize your online experience and offer you offers tailored to your profile. We invite you to find out more details in this regard by consulting the section relating to the purposes of the processing below.
On our website we can store and collect information through cookies and similar technologies, in accordance with the Cookie Policy.
We do not collect or otherwise process sensitive data, included in the General Data Protection Regulation in special categories of personal data. Furthermore, we do not intend to collect or process data from minors under the age of 16.
What are the purposes and reasons for data processing?
We will use your personal data for the following purposes:
Provide the services of VESTALI for your benefit.
This general purpose may include, as appropriate, the following:
a) Account creation and management within the VESTALI platform;
b) Order processing, including acquisition, validation, shipping and billing;
c) Resolution of cancellations or problems of any kind relating to an order, goods or services purchased;
d) Return of products in accordance with the provisions of the law;
e) Reimbursement of the value of the products in accordance with the provisions of the law;
f) To provide support services, including answering your questions regarding your orders or VESTALI’s goods and services.
The processing of your data for these purposes is, in most cases, necessary for the conclusion and execution of a contract between VESTALI and you. Furthermore, some processing carried out for these purposes is required by applicable law, including tax and accounting laws.
Improve our services
We always want to offer you the best online shopping experience. To this end, we may collect and use certain information relating to buyer behavior, invite you to fill in satisfaction questionnaires after completing an order or conduct market studies and research.
These activities are based on our legitimate interest in carrying out commercial activities, always taking care not to infringe your fundamental rights and freedoms.
For marketing
We want to keep you updated on the best offers of products / services you are interested in. In this sense, we can send you any type of message (for example: e-mail / SMS / webpush / etc.) containing general and thematic information, information on products similar or complementary to those you have purchased, information on offers or promotions, information on products added in the “My account / cart” section, as well as other commercial communications such as market research and opinion polls. To provide you with information of interest to you, we may use some data on your behavior as a buyer (e.g. products viewed / added to the wish list / purchased) to create a profile.
In most cases, we base your marketing communications on your prior consent. You can change your mind and withdraw your consent at any time by accessing:
– By accessing the unsubscribe link displayed in the messages you receive from us;
– by accessing the link for updating personal data displayed in the messages received;
– by contacting VESTALI at the e-mail address: info@vestali.eu.
– To unsubscribe from webpush notifications, you need to access the settings section of the site of the browser used (Google Chrome, Internet Explorer, Mozilla Firefox, etc.) and choose the blocking option in the notifications section.
In all situations in which we use information concerning you for our legitimate interest, we take care to take all necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can request us at any time, by the means described above, to stop the processing of your personal data for marketing purposes and to follow up on your request.
Legitimate interests
There may be situations where we will use or transmit information to protect our rights and business. Such situations may include:
– Measures to protect the website and users of the VESTALI platform from cyber attacks;
– Measures to prevent and detect fraud attempts, including the transmission of information to competent public authorities;
– measures for managing various other risks.
The general basis of these types of processing is our legitimate interest in defending our business, it being understood that we ensure that all measures taken ensure a balance between our interests and your fundamental rights and freedoms.
Furthermore, in some cases we initiate the processing on the basis of legal provisions, such as the obligation to ensure the protection of the assets and values provided for by the applicable legislation in this field.
How long do we keep your personal data
The user’s personal data will be kept for as long as the user has an account on the VESTALI platform. You can ask us at any time to delete certain information or to close your account and we will respond to these requests, provided we retain certain information even after your account is closed, in cases where applicable law or our legitimate interests require it.
To whom we transmit your personal data
Where applicable, we may transmit or provide access to certain personal data of the user to the following categories of recipients:
– courier service providers;
– payment / banking
service providers – IT service providers;
If we have a legal obligation or if it is necessary to defend a legitimate interest, we may also disclose some personal data to public authorities.
We guarantee that access to your data by third-party legal entities under private law takes place in compliance with the legal provisions on data protection and confidentiality of information, on the basis of the contracts concluded with them.
VESTALI stores and processes your personal data in Romania.
How we protect the security of your personal data
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures, according to industry standards.
The transmission of your personal data takes place using state-of-the-art encryption algorithms and we store them on secure servers while ensuring data redundancy.
To make payments through the platform, we use the services of the Netopia payment processor. All payment information is encrypted using HTTPS technology with TLS 1.3 encryption.
Despite the measures taken to protect your personal data, we wish to point out that the transmission of information on the Internet, in general, or through other public networks, is not completely secure, as there is a risk that the data may be viewed and used by third parties. . unauthorized parties. We cannot be held responsible for such vulnerabilities of systems that are not under our control.
What rights do you have?
The General Data Protection Regulation will grant you a number of rights in relation to your personal data. You can request access to your data, correct any errors in our files and / or object to the processing of your personal data. You can also exercise the right to lodge a complaint with the competent supervisory authority or to bring justice. As the case may be, you also have the right to request the deletion of your personal data, the right to restrict the processing of your data and the right to data portability.
Further information on each of these rights can be obtained by consulting the section below.
To exercise your rights, you can contact us using the contact details indicated above. If you wish to exercise these rights, please note the following:
Identity . We take the confidentiality of all documents containing personal data very seriously. For this reason, please send us your inquiries regarding such registrations using the email address of your VESTALI account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Costs.
We will not charge any fees for exercising the rights relating to your personal data.
Duration of response.
We aim to respond to any valid request within a maximum of 15 working days, unless it is a particularly complicated request or if you have submitted multiple requests, in which case we will respond within a maximum of 1 month. We will inform you if the response time exceeds 1 month. We may request further clarification to allow us to act more quickly and reduce the response time to your request.
Third party rights.
We will not have to follow up on a request if this would affect the rights and freedoms of other data subjects.
The user has the following rights regarding personal data:
a. Access to your data
You can ask us
– to confirm whether we process your personal data;
– to make a copy of such data available;
– to provide you with other information about your personal data, such as the data we hold, what we use, who we disclose, if we transfer them abroad and how we protect them, how long we keep them, what rights you have, how you can submit a complaint, from where we obtained your data, to the extent that the information has not already been provided to you by this notice.
b. Rectification of your data
You can ask us to rectify or supplement your inaccurate or incomplete personal data.
You can try to verify the accuracy of the data before rectifying it.
c. Data
deletion You can ask us to delete your personal data in one of the following situations:
– they are no longer necessary for the purposes for which they were collected;
– you have withdrawn your consent (if the data processing is based on your consent);
– pursue a legal right that is opposed to it;
– have been treated illegally;
– we have a legal obligation in this regard;
We are under no obligation to comply with your request for deletion of your personal data if the processing of your personal data is necessary
– for the fulfillment of a legal obligation;
– for the assessment, exercise or defense of a right in court.
– other circumstances in which we are not obliged to comply with your data deletion request.
d. Limitation of data processing
You can ask us to limit the processing of personal data in one of the following situations:
– their accuracy is disputed (see the rectification section), to allow us to verify their accuracy;
– the processing is illegal, but you do not want the data to be deleted;
– they are no longer necessary for the purposes for which they were collected, but they are used to ascertain, exercise or defend a right in court;
– you have exercised your right to object and the verification of the prevalence of our rights is underway.
We may continue to use your personal data following a restriction request if:
– we have your consent;
– to ascertain, exercise or guarantee the defense of a right in court;
– to protect the rights of VESTALI or another natural or legal person.
And. Data portability
You can ask us to provide you with your personal data in a structured, commonly used and automatically readable format, or you can ask for them to be “brought” directly to another operator, but in any case only if:
– the processing is based on your consent or the conclusion or performance of a contract with you;
– and if the processing is carried out by automatic means.
f. Opposition
You can object at any time, for reasons related to the particular situation in which you find yourself, to the processing of your personal data based on our legitimate interest, if you believe that your fundamental rights and freedoms outweigh this interest.
Furthermore, you can object to the processing of your data for direct marketing purposes (including the creation of profiles) at any time, without giving any reason, in which case we will stop this processing as soon as possible.
g. Automatic decision-making
You can request not to be the subject of a decision based solely on automatic processing, but only when this decision
– produces legal effects on you or affects you in a similar and significant way.
This right does not apply if the decision made after automatic processing:
1. is necessary to conclude or perform a contract with you;
2. is authorized by law and there are adequate safeguards for your rights and freedoms.
3. is based on your explicit consent.
h. Complaints
You have the right to lodge a complaint with the supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:
National supervisory authority for the processing of personal data
G-ral Boulevard. Gheorghe Magheru n. 28-30, Sector 1, Postal Code 010336, Bucharest, Romania
Telephone: +40.318.059.211 or +40.318.059.212;
E-mail: anspdcp@dataprotection.ro
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise that we will make every effort to resolve any issues in an amicable manner.
We remind you that you can contact us at any time with data protection by sending your request through one of the following ways:
– by e-mail to the address: info@vestali.eu or
– to the telephone number: +40.741.565.758